<?
	if (!empty($_POST['username']) || !empty($_POST['email'])) {
		#check for valid email
		$email = $_POST['email'];
		if (!valid_email($email)) $email = $_POST['username'];
		if (!valid_email($email)) error('You must specify a valid email address.'); 
		else {
			#just in case we only ask for the email on a signup form
			$username = $_POST['username'];
			if (empty($username)) $username = $email;
		
			$errors = array();
			#if we have an email_confirmation field, make sure it matches the email field
			if (isset($_POST['email_confirmation'])) {
				if ($_POST['email_confirmation'] != $email) $errors[] = 'Your email addresses do not match.';
			}
			
			#if we have a password field, validate it
			if (isset($_POST['password'])) {
				if ($_POST['password'] != $_POST['password_confirmation']) $errors[] = 'Your passwords do not match.';
				if (strlen($_POST['password']) < 5) $errors[] = 'Passwords must be at least 5 characters long.';
			}
			
			#check for duplicate email
			$sql = "SELECT COUNT(1) FROM users WHERE email = '$email'";
			if (db_result(db_query($sql), 0) != 0) $errors[] = 'That email address is already in use.';
			
			#usernames must be 5 characters
			if (strlen($username) < 5) $errors[] = 'Usernames must be at least 5 characters long.';
			else {
				#check for duplicate username
  			$sql = "SELECT COUNT(1) FROM users WHERE username = '{$username}'";
  			if (db_result(db_query($sql), 0) != 0) $errors[] = 'That username address is already in use.';
			}
			
			if (!empty($errors)) errors($errors);
			else {
				$user = array('id' => 0);
				$user['username'] = db_escape_string($username);
				$user['email'] = db_escape_string($email);
				$user['first_name'] = db_escape_string($_POST['first_name']);
				$user['last_name'] = db_escape_string($_POST['last_name']);
				
				$user = db_save($user, 'users', true);
				
				#save the password -- must be done on UPDATE not INSERT
				if (empty($_POST['password'])) {
					$user['password'] = password();
					if (mail($user['email'], 'Your new account', "Your new password is:\n{$user['password']}\n\n", 'From: ' . FROM_EMAIL)) $pass_notice = '<br /><br />Please check your email for your password.';
				} else $user['password'] = $_POST['password'];
				
				$_SESSION['current_user'] = db_save($user, 'users', true);
			
				#add to NEW_ACCOUNT_ROLES_ID role
				$sql = "INSERT INTO users_to_user_roles (users_id, user_roles_id) VALUES ({$user['id']}, " . NEW_ACCOUNT_ROLES_ID . ")";
				db_query($sql);
				
				
				message("Congratulations! Your new account is ready.$pass_notice");
				location('/users/profile');
			}
		}		
	}
?>

<form method="post">
	<fieldset>
		<legend>Join</legend>
		
		<label for="first_name">
			First Name
			<input type="text" name="first_name" id="first_name" value="<?php echo $_POST['first_name']?>" />
		</label>
		
		<label for="last_name">
			Last Name
			<input type="text" name="last_name" id="last_name" value="<?php echo $_POST['last_name']?>" />
		</label>
		
		<label for="email">
			Email*
			<input type="text" name="email" id="email" value="<?php echo $_POST['email']?>" />
		</label>
		
		<label for="email_confirmation">
			Confirm Email*
			<input type="text" name="email_confirmation" id="email_confirmation" value="<?php echo $_POST['email_confirmation']?>" autocomplete="off" />
		</label>
		
		<label for="password">
			Password
			<input type="password" name="password" id="password" value="" autocomplete="off" />
		</label>
		
		<label for="password_confirmation">
			Confirm Password
			<input type="password" name="password_confirmation" id="password_confirmation" value="" autocomplete="off" />
		</label>
		
		<input type="submit" value="Continue..." />
	</fieldset>
</form>
